Can You Stop the Bleeding?

By Brett Johnson, Cybercrime/Identity Theft Consultant, AnglerPhishSecurity.com

“Cloudbleed.” That’s what they are calling it. It is the biggest Web security breach of the year. Only three months into 2017, Cloudbleed might be the biggest breach of the entire year due to the number of sites and customers potentially affected.

“Cloudbleed” is the name given to the recently discovered security breach of Cloudflare. Cloudflare is a CDN (Content Delivery Network). It hosts a Website’s static content on its servers and this static content is then served to that Website’s visitors. The result is much faster access to a site using Cloudflare while also providing a variety of internet security services.

So what happened? Cloudflare was leaking customer information. Well, “leaking” isn’t really the right word. It was much more serious than a leak. It was a deluge. Private messages, full chat logs, password manager data, hotel bookings, adult Web frames, HTTPS requests, session tokens, cookies, IP addresses, passwords, keys, data—EVERYTHING—was leaked by Cloudflare to random requesters between September 9, 2016 and February 18, 2017. Additionally, the data was cached by search engines and may have been collected by countless criminals over those five months.

The data leak was the result of a bug affecting Cloudflare sites that used email obfuscation (hiding email addresses from bots), server-side excludes (hiding sensitive content from suspicious visitors), and Automatic HTTPS Rewrites (safely rewriting links to unencrypted resources from HTTP to HTTPS). Only requests to sites using those features leaked data. The problem is that the leaked data wasn’t necessarily from those same sites. The leaked data could have been from ANY site using Cloudflare caching. What does that mean? It means there are 4,287,625 possibly affected domains [1]. Got your attention yet?

Tavis Ormandy, a researcher with Google’s Project Zero Team, noticed

